[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Nov 23 10:14:59 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a13f24c by Moritz Muehlenhoff at 2023-11-23T11:14:34+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG do ...)
-	TODO: check
+	NOT-FOR-US: dom-sanitizer
 CVE-2023-49102 (NZBGet 21.1 allows authenticated remote code execution because the una ...)
 	NOT-FOR-US: NZBGet
 CVE-2023-48107 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an  ...)
 	- zlib-ng <itp> (bug #1002056)
 CVE-2023-48105 (An heap overflow vulnerability was discovered in Bytecode alliance was ...)
-	TODO: check
+	NOT-FOR-US: wasm-micro-runtime
 CVE-2023-47839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-47835 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -65,7 +65,7 @@ CVE-2023-41140 (A maliciously crafted PRT file when parsed through Autodesk Auto
 CVE-2023-41139 (A maliciously crafted STP file when parsed through Autodesk AutoCAD 20 ...)
 	NOT-FOR-US: Autodesk
 CVE-2023-40002 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2023-39253 (Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 c ...)
 	NOT-FOR-US: Dell
 CVE-2023-48706 (Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-a ...)
@@ -222,9 +222,9 @@ CVE-2023-47313 (Headwind MDM Web panel 5.22.1 is vulnerable to Directory Travers
 CVE-2023-47312 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
 	NOT-FOR-US: Headwind MDM Web panel
 CVE-2023-47251 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a ...)
-	TODO: check
+	NOT-FOR-US: TightGate-Pro Server
 CVE-2023-47250 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, b ...)
-	TODO: check
+	NOT-FOR-US: TightGate-Pro Server
 CVE-2023-47014 (A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester St ...)
 	NOT-FOR-US: Sourcecodester Sticky Notes App
 CVE-2023-46673 (It was identified that malformed scripts used in the script processor  ...)
@@ -238,9 +238,9 @@ CVE-2023-43082 (Dell Unity prior to 5.3 contains a 'man in the middle' vulnerabi
 CVE-2023-43081 (PowerProtect Agent for File System Version 19.14 and prior, contains a ...)
 	NOT-FOR-US: Dell
 CVE-2023-3104 (Lack of authentication vulnerability. An unauthenticated local user is ...)
-	TODO: check
+	NOT-FOR-US: Unitree Robotics A1
 CVE-2023-3103 (Authentication bypass vulnerability, the exploitation of which could a ...)
-	TODO: check
+	NOT-FOR-US: Unitree Robotics A1
 CVE-2023-39925 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Com ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2889 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -34522,13 +34522,13 @@ CVE-2023-29078
 CVE-2023-29077
 	RESERVED
 CVE-2023-29076 (A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed t ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2023-29075 (A maliciously crafted PRT file when parsed through Autodesk AutoCAD 20 ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2023-29074 (A maliciously crafted CATPART file when parsed through Autodesk AutoCA ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2023-29073 (A maliciously crafted MODEL file when parsed through Autodesk AutoCAD  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2023-29072
 	RESERVED
 CVE-2023-29071
@@ -35547,7 +35547,7 @@ CVE-2023-28813
 CVE-2023-28812
 	RESERVED
 CVE-2023-28811 (There is a buffer overflow in the password recovery feature of Hikvisi ...)
-	TODO: check
+	NOT-FOR-US: hikvison
 CVE-2023-28810 (Some access control/intercom products have unauthorized modification o ...)
 	NOT-FOR-US: hikvison
 CVE-2023-28809 (Some access control products are vulnerable to a session hijacking att ...)
@@ -50287,7 +50287,7 @@ CVE-2023-23980 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-23979 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Q ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23978 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23977 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23976



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a13f24c3e0268e2e1f4fd6fa7860b55d1c7960b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a13f24c3e0268e2e1f4fd6fa7860b55d1c7960b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231123/0c85bc93/attachment.htm>

More information about the debian-security-tracker-commits mailing list